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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 

WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 05 September 2006 , 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 0 Claim(s) 1,3,4,6-13,15.16 and 18-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) IEI Claim(s) 1,3,4,6-13,15,16 and 18-24 is/are rejected. 
?)□ Claim{s) is/are objected to. 

8) n Claim{s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) n The drawing{s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Response to A rguments 

1 . Applicant's arguments, see filed 9/5/06, with respect to USC 112 rejections have been 
fully considered and are persuasive. The rejections of claims 1,4, 13, and 16 have been 
withdrawn. The applicant has amended claims 1,4, 13, and 16 sufficiently to overcome 
the USC 1 12 rejections, and thus those rejections are withdrawn. 

Applicant's arguments filed 2/13/2006 have been fully considered but they are not 
persuasive. 

The applicant argues with respect to claims 1 and 13 that Riggins US 6,233,341 teaches 
that temporary certificates are revoked when the user logs out of the remote side. The 
applicant sites column 3, lines 17-19 and column 14 lines 46-48. the examiner argues 
that the citation only states that these certificates can be revoked, not that they are 
revoked. 

The applicant argues with respect to claims 1, and 13 that Butt teaches a session 
certificate is destroyed in contrast to the present invention where as long as the date and 
time have not expired the short term certificate can still be used. The examiner argues 
that the applicant has not claimed sessions or logging into or out of a remote site, so the 
argument is irrelevant. 

The applicant argues with respect to claims 1, and 13 that there is no teaching or 
suggestion to combine teaching of the Butt patent with the Riggins patent. The examiner 
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has cited that Butt suggests motivation to combine because its certificates are operating 
system independent, and thus they are compatible with a large number of systems. 
The applicant argues with respect to claims 1, and 13 that Riggins teaches away from 
Butt because Riggins teaches a short term certificate that is never subject to revocation 
because it maintains a revocation list identifying revoked temporary certificates. The 
examiner argues that there can be temporary certificates with different expiration periods, 
and while the short term certificates with longer validity times may need to be subject to 
revocation, those certificates with sufficiently short times need never be subject to 
revocation. Thus Riggins and Butt do not teach away but together form a combination 
that relieves part of the burden from the revocation list of Riggins with the short term 
certificates of Butt that are not subject to revocation due to their validity length. 

The applicant argues with respect to claim 1 that the references do not teach a directory 
for short-term authorization information related to the user. As the Examiner as stated in 
the preceding office actions, it is widely accepted that information on computers is stored 
in directories. The applicant cites the instant specification where the information is 
stored in LDAP directories. The applicant however does not claim LDAP. The examiner 
would suggest the applicant insert LDAP into the claim to distinguish the application 
from the current art of record. The examiner also would like to note that independent 
claim 13, contains no reference to any directory. 
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Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made, 

3. Claims 1, 3, 6, 8, 10, 13, 15, 18, 20 and 22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Riggins US 6,233,341 in view of Butt US 6,754,829. 

As per claims 1, and 13, Riggins teaches a certificate authority issuing a long-term public 
key identity certificate (certificate) that binds a public key of the user to long term 
identification information (identifying information) related to the user, (Col 1 lines 54-67, 
Col 9 lines 1-2). 

Riggins discloses a certificate authority (global server) for issuing a short term public key 
credential certificate (certificates that are short lived), (Col 3 lines 33-43). The certificate 
binds the public key of the user to long term identification information (long term 
certificate) and to short term authorization information (validity information, name, serial 
number), (Col 15 lines 13-35). The user presents this short term certificate to an 
application (web server) for authorization, (Col 14 lines 25-35). The client demonstrates 
knowledge of a private key corresponding to the public key in the certificate, (Col 5 lines 
59-65, Col 6 lines 53-58). 
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Riggins does not specifically state short term authorization information related to a user. 
Riggins does not teach a short term certificate that is not subject to revocation prior to 
expiration. 

Butt teaches that short lived certificates removes the need for revocation regardless of 
date/time, (Col 9 lines 36-37. It would have been obvious to one of ordinary skill in the 
art to use Riggins PKI system with Butt's elimination of a CRL to enable reduced 
network traffic. 

Butt teaches short term authorization information related to a user (meta-data), (Col 9 
lines 53-67). 

It would have been obvious to one of ordinary skill in the art to use the authorization 
information of Butt's with the PKI system of Riggins because it allows access control 
independent of operating systems, (Butts Col 2 lines 20-40). 

As per claim 3, and 15 Riggins teaches that the expiration date is sufficiently short 
(limited amount of time), (Col 3 lines 33-38). 

As per claims 6, and 18, Riggins teaches a short term certificate in a non structured form, 
(Fig 13). 

As per claims 8, and 20, Riggins teaches an X.509 short term certificate, (Col 10 lines 5- 
10). 

As per claims 10, and 22, Riggins teaches storage of the long term certificate, it is 
inherent that it must be stored in the directory to be retrieved, (Col 9 lines 1-3). 
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Claims 4 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Riggins US 6,233,341 in view of Butt US 6,754,829 in view of Naor US 6,226,743. 

As per claims 4, and 16, the previous Riggins-Butts combination teaches short term 
certificates and revocation lists, but fails to teach an expiration time less than the time of 
the next CRL update. 

Naor teaches that short term certificates are sufficiently short (daily or shorter) so that 
their expiration is before a next CRL update (daily), (Col 10 lines 12-22, Col 12 lines 22- 
26). 

It would be obvious to one skilled in the art to modify the Riggins-Butts combination 
with Naor's short certificates because they lower communication overhead. 

Claims 7, 9, 19, and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Riggins US 6,233,341 in view of Butt US 6,754,829 in view of Howell US 
5,276,901. 

As per claims 7, and 19, the previous Riggins-Butts combination teaches a short term 
certificate. The Riggins-Butts combination does not disclose a structured certificate. 
Howell discloses a certificate with access restricted folders contained therein (Col 5 lines 
23-30). 

It would be obvious to one skilled in the art to modify the Riggins-Butts combination 
with Howell's restricted access to increase security. 
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As per claims 9, and 21, The Riggins-Butts combination discloses using a short term 
X.509 certificate. 

Howell discloses restricted folders, (Col 5 line 23). 

It would be obvious to one skilled in the art to modify Riggins-Butts x.509 certificate 
with Howell's restricted folders, because the 509 format is supported by a number of 
different protocols, (Col 8 line 43), and the restricted folders add a measure of security. 

Claims 11, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Riggins US 6,233,341 in view of Butt US 6,754,829 in view of Maruyama US 
6,393,563. 

As per claims 11, and 23 The Riggins-Butts combination does not teach a smart card. 
Maruyama disclose a private key may be stored on a smartcard, (Col 1 line 20, 53-56). 
It would be obvious to modify the Riggins-Butts combination with Maruyama' s smart 
card, because the smart card increases the security of key storage. 

Claims 12, and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Riggins US 6,233,341 in view of Butt US 6,754,829 in view of Kausik US 6,263,446. 

As per claims 12, and 24, The Riggins-Butts combination does not disclose a software 
wallet. 

Kausik discloses storing a private key in a software wallet, (Col 4 lines 1-6). 

It would be obvious to modify the Riggins-Butts combination with Kausik' s software 

wallet because the wallet increases the security of key storage. 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher J. Brown whose telephone number is 
(571)272-3833. The examiner can normally be reached on 8:30-6:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571)272-6962. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Christopher J. Brown 11/20/06 




GILBERTO BARRON OTL 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




